Bump apollo-server-express from 2.6.9 to 2.7.0 in /backend

Sourced from apollo-server-express's changelog.

v2.7.0

See complete versioning details.

• apollo-server-core, @apollo/gateway: Introduced managed federation support. For more information on managed federation, see the blog post or jump to the documentation for managed federation.

• @apollo/gateway@0.7.1: Don't print a warning about an unspecified "graph variant" (previously, and in many ways still, known as "schema tag") every few seconds. We do highly recommend specifying one when using the Apollo Platform features though! [PR #3043](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/3043)

• apollo-engine-reporting: Behavior change: If the error returned from the engine.rewriteError hook has an extensions property, that property will be used instead of the original error's extensions. Document that changes to most other GraphQLError fields by engine.rewriteError are ignored. [PR #2932](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2932)

• apollo-engine-reporting: Behavior change: The engine.maskErrorDetails option, deprecated by engine.rewriteError in v2.5.0, now behaves a bit more like the new option: while all error messages will be redacted, they will still show up on the appropriate nodes in a trace. [PR #2932](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2932)

• apollo-engine-reporting: Behavior change: By default, send no GraphQL variable values to Apollo's servers instead of sending all variable values. Adding the new EngineReportingOption sendVariableValues to send some or all variable values, possibly after transforming them. This replaces the privateVariables option, which is now deprecated. [PR #2931](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2931)

  To maintain the previous behavior of transmitting all GraphQL variable values, unfiltered, to Apollo Engine, configure engine.sendVariableValues as follows:

  engine: {
    sendVariableValues: { all: true }
  }

• graphql-playground: Update to resolve incorrect background color on tabs when using the light theme. [PR #2989](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2989) [Issue #2979](https://github-redirect.dependabot.com/apollographql/apollo-server/issues/2979)

• graphql-playground: Fix "Query Planner" and "Tracing" panels which were off the edge of the viewport.

• apollo-server-plugin-base: Fix GraphQLRequestListener type definitions to allow return void. [PR #2368](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2368)

v2.6.7

See complete versioning details.

• apollo-server-core: Guard against undefined property access in isDirectiveDefined which resulted in "Cannot read property 'some' of undefined" error. [PR #2924](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2924) [Issue #2921](https://github-redirect.dependabot.com/apollographql/apollo-server/issues/2921)

v2.6.6

See complete versioning details.

• apollo-server-core: Avoid duplicate cacheControl directives being added via isDirectiveDefined, re-landing the implementation reverted in v2.6.1 which first surfaced in v2.6.0. [PR #2762](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2762) [Reversion PR #2754](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2754) [Original PR #2428](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2428)
• apollo-server-testing: Add TypeScript types for apollo-server-testing client. [PR #2871](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2871)
• apollo-server-plugin-response-cache: Fix undefined property access attempt which occurred when an incomplete operation was received. [PR #2792](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2792) [Issue #2745](https://github-redirect.dependabot.com/apollographql/apollo-server/issues/2745)

v2.6.5

See complete versioning details.

• apollo-engine-reporting: Simplify the technique for capturing operationName. [PR #2899](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2899)
• apollo-server-core: Fix regression in 2.6.0 which caused engine: false not to disable Engine when the ENGINE_API_KEY environment variable was set. [PR #2850](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2850)
• @apollo/federation: Introduced a README.md. [PR #2883](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2883)
• @apollo/gateway: Introduced a README.md. [PR #2883](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2883)

v2.6.4

See complete versioning details.

• @apollo/gateway: Pass context through to the graphql command in LocalGraphQLDatasource's process method. [PR #2821](https://github-redirect.dependabot.com/apollographql/apollo-server/pull/2821)

... (truncated)

• 1d44f3d Publish
• d77a51f Added punctuation to CHANGELOG.md.
• 7181fa3 Update CHANGELOG.md prior to final v2.7.0 release.
• 52ab22e Revert "Expose composed middleware via getMiddleware()" (#3046)
• c2b9071 Publish
• 7858ef5 Bump graphql-playground-react version to 1.7.30.
• 522b2db Fix bug preventing gateway rollback (#3027)
• b76ca73 Publish
• e2c6bed Align alpha versions prior to publishing.
• 83abe3a Remove unused apollo-server-core dependency from graphql-extensions.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it). To ignore the version in this PR you can just close it
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.